Search CVE reports

Toggle filters

41 – 50 of 148 results

CVE-2021-22942

Medium priority
Needs evaluation

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

7 affected packages

rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2, ruby-activesupport-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2021-22904

Medium priority
Needs evaluation

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2021-22903

Medium priority
Needs evaluation

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2021-22902

Medium priority
Needs evaluation

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2021-22885

Medium priority
Needs evaluation

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2021-22881

Medium priority
Needs evaluation

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2021-22880

Low priority
Needs evaluation

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2020-8264

Medium priority
Not affected

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Not affected Not affected
rails-4.0 Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release
ruby-rails-3.2 Not in release Not in release
Show all 7 packages Show less packages

CVE-2020-15169

Medium priority
Needs evaluation

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t`...

7 affected packages

rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2, ruby-activesupport-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2020-8185

Medium priority
Needs evaluation

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages
  1. Previous page
  2. 3
  3. 4
  4. 5
  5. 6
  6. 7
  7. Next page
Export to JSON